Field
Embodiments of the present invention generally relate to networking. In particular, various embodiments relate to socket Application Program Interfaces (APIs) configured for efficient, low latency, and faster computer data transactions between two network level applications.
Description of the Related Art
The Internet is a global network of computing devices and connects devices that use a variety of different operating systems and/or programming languages, including UNIX, DOS, Windows, and Macintosh, with each other to facilitate and allow communication among these various systems and languages through protocols such as Transmission Control Protocol/Internet Protocol (TCP/IP). TCP provides a guaranteed delivery and ordering scheme for data packets such that two or more computers using TCP can rely on the protocol to ensure that any given packet will reach its destination in the order originally transmitted. IP, on the other hand, provides a point-to-point packet transmission service without guaranteed delivery.
Hypertext Transfer Protocol (HTTP) relies on the existence of a TCP connection between a client's browser and a server computer in order to fetch and display web pages. Although TCP provides guaranteed delivery capabilities using loopback mechanisms, its bidirectional messaging involves sending messages from the originator/sender network to the receiver/destination network, receiving messages back at the originator from the receiver/destination network, and confirming error-free transmission of packet data, among other like steps/communications. At the same time, loopback messages also help in diagnosing a transmission problem and checking for any errors in the TCP stack. On one hand, therefore, loopback operations ensure error-free data transfer, whereas on the other hand they result in additional delays and other side effects when transmitting a stream of data. For example, if two computers use TCP to transmit a packetized video stream, the received packets may appear “jerky” because missing or dropped packets must be re-transmitted before they can be re-ordered into the received packet stream.
In recent years, various attempts have been made to provide secure transmission facilities by enhancing guaranteed-delivery protocols with encryption techniques. For example, Secure Sockets Layer (SSL) (renamed Transport Layer Security (TLS)) is a protocol that provides a secure channel between two machines, such as a server computer and a client computer, wherein the secure channel is transparent yet encrypted between client and server such that nearly any protocol that can be run over TCP can also be run over SSL/TLS with minimal modifications. SSL/TLS security and fault detection rely on TCP (or a similar guaranteed delivery protocol) to order packets and guarantee delivery. After undergoing various revisions, SSL was renamed TLS and adopted by the Internet Engineering Task Force (IETF), as reflected in RFC 2246. (The term SSL/TLS may be used herein to refer collectively to these two closely related protocols.)
A conventional networking system, or even a single host, can include a first system operatively coupled with a second system, wherein the first system can include one or more applications and further comprise a socket API layer that provides an interface between the applications and a TCP/IP protocol stack. The first system can further include a network interface such as, for example, a network interface card (NIC) that connects the first system with the network. Similarly, the second system can include one or more second applications, a second socket API layer that interfaces the applications with a second TCP/IP protocol stack, and a second network interface that connects the second system with the network, which, in turn, couples the second system with the first system. In operation, a packet of data associated with an application of the first system flows from the application to the socket API layer and then to the TCP/IP protocol stack through the socket API layer. A socket provided by the socket API layer is an abstraction through which an application may send and receive data. To create an instance of a socket, a protocol or address family is specified for the socket. For TCP/IP, the AF_INET address family (also referred to as PF_INET) is specified, which indicates that the socket will use the protocols and addresses from the Internet Protocol (IP) family. Further, AF_INET is typically used for the loopback implementation, wherein if data is transferred from one entity to another within a single host, it is passed back up to the network stack as if it had been received from another host. Two entities within a host therefore may communicate with each other using the TCP protocol even when such communication happens internal to the host (e.g., via an internal bus, fabric or network) and not through an external network, making the local connection go through the entire TCP path, which is inefficient and uses up system resources without much merit.
Usage of the TCP protocol for loopback communications between two devices within a single host also requires that data to be written to a receiving socket of a second device first be copied into a kernel and then placed onto the output queue of the first device. Furthermore, data needs to be slurped off the sending socket of the first device and packaged up by TCP and IP, run through a packet filter, and check-summed, along with performing other TCP level protocol formalities/functions. The data then needs to be sent over the loopback interface and then received by IP, TCP and eventually placed on a kernel socket receive buffer. Such systems also generate and process acknowledgements.
Similar data transactions also take place in network architectures where an SSL proxy and an HTTP proxy are configured as part of an Application Delivery Controller (ADC), which is used in an application delivery network to offload certain tasks from the web servers. The SSL proxy acts as an offload mechanism by having an ability to handle SSL communications and is also responsible for negotiating SSL connections with the client, and for decrypting/encrypting content/data transactions coming from and going to client devices respectively. The SSL proxy is programmed to listen for client queries and forward these queries to the HTTP proxy, which is logically interposed between the SSL proxy and the server, and is responsible for managing HTTP requests from client devices and forwarding these requests to the server in clear text. SSL may be used in conjunction with the HTTP proxy to create a more secure connection when browsing the Internet, with an additional advantage of offloading the server. The SSL proxy server is incorporated to take care of security concerns and works as a load balancing means for the HTTP proxy and the web server. Further, sockets as described above are created through socket API layers that are configured in each of the SSL proxy and the HTTP proxy, wherein such sockets are typically TCP sockets that are highly inefficient as they currently use AF_INET sockets. In a general scenario, loopback messaging is performed for communication using the TCP/IP protocol between the HTTP proxy and the SSL proxy, wherein such communication currently traverses the entire TCP path. When using a TCP/IP loopback connection, although the transport layer detects that the destination of the information is local, the operating system performs complete processing of the data in the transport and network layers prior to sending the data back to itself. In effect, the operating system treats data as if it is coming from a network.
Therefore, multiple layers of protocol processing and logic are applied to the loopback traffic carrying data. Even though the stack is aware that the endpoints are local to the host, the stack pretends that the data originated externally, treating a local IP connection as if it is coming from the network, resulting in unnecessary processing such as inspecting, packetizing, and performing additional functions corresponding with network protocols.
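The conventional intra-host path described above can be seen in a short C program. This is an added example, not code from this document: the helper name loopback_exchange and the sample HTTP request are constructed for illustration, and a POSIX system with the loopback interface up is assumed.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Hypothetical helper: plays sender and receiver (e.g. SSL proxy and HTTP
 * proxy) in one process. connect() returns before accept() is called because
 * the kernel completes the TCP handshake into the listen backlog. */
int loopback_exchange(const char *msg, char *peer_ip, socklen_t ip_len)
{
    struct sockaddr_in addr = { 0 }, peer;
    socklen_t len = sizeof(addr), plen = sizeof(peer);
    char buf[256];
    size_t n = strlen(msg), got = 0;
    ssize_t k;
    int ret = -1, afd = -1, lfd = socket(AF_INET, SOCK_STREAM, 0);
    int cfd = socket(AF_INET, SOCK_STREAM, 0);

    addr.sin_family = AF_INET;
    addr.sin_addr.s_addr = htonl(INADDR_LOOPBACK); /* 127.0.0.1 only, never INADDR_ANY */
    if (lfd < 0 || cfd < 0 || n > sizeof(buf)) goto out;
    if (bind(lfd, (struct sockaddr *)&addr, sizeof(addr)) < 0 || listen(lfd, 1) < 0) goto out;
    if (getsockname(lfd, (struct sockaddr *)&addr, &len) < 0) goto out; /* kernel-chosen port */
    if (connect(cfd, (struct sockaddr *)&addr, sizeof(addr)) < 0) goto out;
    if ((afd = accept(lfd, (struct sockaddr *)&peer, &plen)) < 0) goto out;
    /* The payload now descends through TCP/IP and climbs back up the same stack. */
    if (send(cfd, msg, n, 0) != (ssize_t)n || shutdown(cfd, SHUT_WR) < 0) goto out;
    while (got < sizeof(buf) && (k = recv(afd, buf + got, sizeof(buf) - got, 0)) > 0)
        got += (size_t)k;
    if (got != n || memcmp(buf, msg, n) != 0) goto out;
    if (!inet_ntop(AF_INET, &peer.sin_addr, peer_ip, ip_len)) goto out;
    ret = (int)got; /* bytes delivered intact to the receiving socket */
out:
    if (afd >= 0) close(afd);
    if (cfd >= 0) close(cfd);
    if (lfd >= 0) close(lfd);
    return ret;
}

int main(void)
{
    char ip[INET_ADDRSTRLEN] = "";
    int n = loopback_exchange("GET / HTTP/1.1\r\n\r\n", ip, sizeof(ip)); /* constructed request */
    printf("%d bytes received from %s\n", n, ip);
    return n < 0;
}
```

The receiver sees an ordinary TCP peer at 127.0.0.1 with its own port, exactly as it would for a remote host. Binding the listener to INADDR_LOOPBACK keeps the clear-text hop between the two local endpoints off external interfaces.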
There is therefore a need to provide one or more socket APIs, architectures, systems, and methods related thereto to allow fast, efficient, and reliable transaction of data between two appropriate computing devices such as an HTTP proxy and an SSL proxy, for instance.